name: Build & Publish Docker Image on: push: branches: [main] tags: ['v*'] workflow_dispatch: env: REGISTRY: gitea.siegeln.net IMAGE_NAME: ${{ gitea.repository }} jobs: build-and-push: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to Gitea container registry # Uses a personal access token (PAT) with write:package scope. # The default GITEA_TOKEN cannot push to the container registry. # Create the PAT under User Settings → Applications, add it as a repo # secret named REGISTRY_TOKEN, and (optionally) REGISTRY_USER if the # owning account differs from ${{ gitea.actor }}. uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ secrets.REGISTRY_USER || gitea.actor }} password: ${{ secrets.REGISTRY_TOKEN }} - name: Derive tags id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=tag type=sha,format=short type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }} - name: Build and push uses: docker/build-push-action@v6 with: context: . push: true # Target: Raspberry Pi 5 (arm64). Runner is arm64 too, so this is native + fast. # amd64 is buildable locally via `docker build` on dev machines. platforms: linux/arm64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} # Registry-based cache: uses the image registry itself for layer reuse. # Avoids the unreliable Gitea Actions cache HTTP backend. cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max